=== OpenVPN DCO

Links: +
link:https://reviews.freebsd.org/D34340[D34340] URL: link:https://reviews.freebsd.org/D34340[D34340] +
link:https://community.openvpn.net/openvpn/wiki/DataChannelOffload[OpenVPN wiki] URL: https://community.openvpn.net/openvpn/wiki/DataChannelOffload[OpenVPN wiki]

Contact: Kristof Provost <kp@FreeBSD.org>

OpenVPN DCO (or Data Channel Offload) moves OpenVPN data packet processing into the kernel.

Traditionally OpenVPN uses a tun(4) interface to transmit and receive packets.
In this setup received packets are received by the kernel, passed to the OpenVPN application for decryption, then passed back into the kernel for network stack processing.
This requires several transitions between kernel- and userspace, and naturally imposes a performance cost.

The new if_ovpn OpenVPN DCO offload driver performs the encryption/decryption entirely within the kernel, improving performance.

Initial performance testing shows throughput improved from around 660Mbit/s to around 2Gbit/s.

The userspace OpenVPN code also requires modification to use the new if_ovpn offload driver.
This is expected to be part of a future 2.6.0 OpenVPN release.

Sponsor: Rubicon Communications, LLC ("Netgate")
